Original Phishing Message
From: no-reply[@]b24-zhui11[.]bitrix24[.]fr
Subject: Your package s waiting for delivery
Tips for Detection
- The email says its from USPS, but the style and color does not really match the company’s branding
- Look for mismatches between the email address in the body of the email versus the display name.
- Many phishing attempts utilize a time limit for an action, usually requiring payment
Where Did the Link Lead?
The link went to a webpage that eerily looks like the official USPS website, with even a tracking page. However, the first thing you’ll notice off is the url at the top of the page that says “i-knowledge[.]com” This page asks for you to verify your address and other information.
Text of Phishing Message
From: no-reply[@]b24-zhui11[.]bitrix24[.]fr
Subject: Your package s waiting for delivery
Hello [username]@pugetsound.edu!
The package sent to you has been delivered to USPS Office and should be delivered within 48h. Please confirm the payment (0.92) on the link below within a maximum of 14 days before it expires.
Follow My Package [link removed]